Hi,
Recently I have experienced a number of cases when a user's account was broken into and malicious scripts installed, or content was modified/deleted etc.
Logs show that hackers had access to the FTP / account password, I assume they got it somehow from the user's PC which had the site password stored or keylogger, or...
So I need to introduce some more security.
I had the following idea: no FTP is to be allowed unless the client IP is in a whitelist. As clients normally use dynamic IP, I would authenticate their IP by telling the users to visit a web page first. Hosts that POP from the server would also be added to the temporary white list.
Is there a ready-made solution for the above or does anyone have any better ideas?
How would you implement this?
Rgds,
hkr
Recently I have experienced a number of cases when a user's account was broken into and malicious scripts installed, or content was modified/deleted etc.
Logs show that hackers had access to the FTP / account password, I assume they got it somehow from the user's PC which had the site password stored or keylogger, or...
So I need to introduce some more security.
I had the following idea: no FTP is to be allowed unless the client IP is in a whitelist. As clients normally use dynamic IP, I would authenticate their IP by telling the users to visit a web page first. Hosts that POP from the server would also be added to the temporary white list.
Is there a ready-made solution for the above or does anyone have any better ideas?
How would you implement this?
Rgds,
hkr
